ID Vault is a stand-alone database that holds protected copies of users' ID files.
Users are assigned to a particular ID Vault via the Security Settings of a policy (Organizational or Explicit). ID Vault is a new function introduced in Domino 8.5.
The benefits of using ID Vault:
- A much easier, yet still secure, process for resetting user passwords
- Support for other applications to reset ID passwords in a vault (an API to perform password resets)
- Easy backup and recovery of users' ID files
- Automatic synchronization between several copies of an ID
- No user interaction during the rename process
- No user interaction during ID key rollover
ID recovery, introduced in 5.x, is still supported, but customers are advised to move to ID Vault, as it saves maintenance time after a move to Lotus Notes 8.5.
To upgrade your users to ID Vault you need ALL of the following:
- Domino Directory upgraded to the Domino 8.5 design
- Domino servers upgraded to Domino 8.5 (at least one server)
- Users upgraded to Lotus Notes 8.5 clients
To support ID Vault implementations, some new features have been added to the Administrator client.
In the Configuration panel you will now find an ID Vaults entry in the Tools sidebar. This new section gives you the ability to create, manage, and delete ID Vaults, as well as to invoke the Password Reset Authority configuration.
Also, in the People & Groups panel you will find an ID Vaults section in the Tools sidebar, which gives you access to Reset Password, Set ID Download Count, Extract ID From Vault, and Password Reset Authority.
Benefits of ID Vault
ID Vault is a safe and easy way to manage ID files. If a user has forgotten a password, you can remotely reset it without going through the Password Recovery procedure, which can take a long time when several people are involved in the recovery process. Now recovering a forgotten password can be done in a moment. When you reset a password you can inform the user of the new password, or send it to their manager, depending on company policy.
Note: Never give a password over the phone to people you don't know.
If for some reason a Security Officer needs to read someone's encrypted mail, the Security Officer may extract the ID from the vault and access the mailbox on behalf of the user without being given the user's password. This is controlled by the Auditor role in the ID Vault database. You may disable this feature by setting SECURE_DISABLE_AUDITOR=1 in the server's notes.ini.
ID Vault also keeps multiple copies of an ID synchronized with each other, so changing the password of an ID on one PC synchronizes it with the copies of that ID on other PCs.
If an ID is deleted from a workstation, it is automatically downloaded to the workstation again when the user launches Lotus Notes.
Steps to deploy ID Vault
- Coordinate ID Vault deployment with your organization's Security Officer and IT Manager, as it changes the way IDs are managed in the organization.
- Configure the ID Vault
- Assign the ID Vault to several users via Explicit policies
- Test the ID Vault (different scenarios, see below)
- When testing is complete, deploy ID Vault to larger groups of users or the whole organization, and remove the Explicit policies from the test users
- When deployment is complete, you may need to integrate it with Identity Management solutions
Testing ID Vault
During the testing phase, test the following scenarios before you begin large-scale deployment:
- User has forgotten password
- ID is missing (accidentally deleted)
- User accesses Lotus Notes from different workstations and changes the password in one location
- Add new encryption keys
- Import internet certificate
Detailed step-by-step ID Vault configuration instructions can be found here.
ID Vault is not yet supported with the Certificate Authority task; you may need to register users with a certifier ID, or check this technote to see whether newer versions of Domino have added support for this:
ID Vault upload during registration fails when using Certificate Authority
- ID Vault interoperability FAQ
- ID Vault password management FAQ
- Problem resolution for ID Vault end users FAQ
- Mandatory fix for Domino 8.5 servers using the ID Vault feature
- Capacity planning for integration of third-party applications and Notes ID Vault